In-House TSCM Bug Sweeps vs. Outsourced TSCM Bug Sweeps

The in-house TSCM bug sweep vs. outsourced TSCM bug sweep debate…

Once in a while, I still hear from someone who’s boss wants them to start an in-house Technical Surveillance Countermeasures (TSCM) department within their business organization.

Seems a quaint notion today, but who can blame them? In-house TSCM efforts were once commonplace.

In fact, in addition to providing these services, my consulting firm often was engaged to specify TSCM instrument purchases, and train in-house technicians. So, having been on both sides of the discussion, I am objective and unbiased.

In-house TSCM is pretty much a dead issue these days. Most organizations have phased out their in-house TSCM efforts. There are several good reasons for this…

These are not your father’s surveillance devices.

Eavesdropping and recording devices these days may be purchased in a wide variety of excellent covert disguises. A in-house TSCM physical inspection by an amateur (even with training) will miss all but the most obvious surveillance items.

Today, an in-house TSCM search is barely adequate even for a small company with a few spartan conference rooms. At a multinational corporate headquarters, who’s executive floors are now showplaces of technology, an in-house TSCM inspection is not just inadequate, it is almost negligent.

Human nature works against an in-house staff inspection.

Physical searching is work. It involves bending, stooping, looking under tables. This is not to slight an otherwise excellent security staff, but consider the reality…

If you give someone more work, longer hours, they will want more money to do it. No money, no serious search.

Inspecting the same, limited environment is mind-numbing.

If you give someone the job of finding something they can’t recognize even if they see it, they will start thinking, “There is nothing to see, so why look.”

Everyone is eager and excited in the beginning of a new in-house TSCM program, but this soon fizzles out.

Initial training is soon forgotten.

Let me share one of our experiences with you… A few years ago, one of our clients who has an in-house TSCM program called us in for “advanced” training. They had purchased equipment and initial training from a manufacturer 3-4 years prior. Turned out their spectrum analyzer was working at only 30% sensitivity… and they weren’t aware they had a problem! “It always worked this way,” I was told.

Items working against even the most sincere in-house TSCM techs…

Retaining initial training takes practice.

Keeping up takes continuing education.

Developing a depth of experience takes a diversity of inspection situations.

Executives are sensitive about their privacy.

On one hand, executives want protection against electronic surveillance. On the other hand, they would be pleased if this could be accomplished without someone poking around their office… Especially, a lower-level, company employee who has a vested interest in, and understanding of, all the paperwork on their desks and in their drawers.

Cost is no argument.

“An in-house TSCM effort is cost-effective.” In the 21st Century this is a specious argument at best. Cost won’t matter when you suffer a loss due to ineffective in-house TSCM efforts. Every espionage loss is an expensive loss.

TSCM Recommendations

Spend the money; buy real protection. Hire a professional TSCM specialist. It is cheap insurance. No… it is better than insurance. Insurance can’t prevent the loss.

Their searches are focused. They have no interest in company politics, and won’t be there the next day to gossip with other employees. In fact, using an out-of-town consulting firm further reduces the possibility of these complications.

They are acclimated to being in executive offices, i.e. they don’t play with the shelf toys, ogle the family pictures or make inappropriate comments about any apparent wealth.

Most importantly, a professional team brings with them a wealth of field experience and knowledge that no part-time, in-house “tech” can possibly possess.

All this being said, I would recommend in-house TSCM for very large organizations, with multiple locations, if…

the team will be 100% dedicated to this work, without distractions,

ongoing training is fully funded,

instrumentation is kept up to date,

and the inspection locations are varied.

or… if you want to conduct due diligence inspections for covert video voyeur cameras. Security and facilities personnel can be trained to handle this competently. They need to know about where to look and what to look for. An on-line, self-paced, video-based, spycam detection training course, can be found here. The course is interesting, entertaining and takes about an hour to complete.

In some cases it is reasonable to develop a hybrid in-house TSCM program. In-house TSCM staff would handle limited, last-minute needs. A professional TSCM team would conduct overall inspections on a scheduled basis, and be consulted when the in-house TSCM team had a question.

Make sure your inspections are being conducted with regularity. Get the best team you can to conduct your bug sweeps if you want true cost-effectiveness. Do these two things. Be the one who saves your organization from economic espionage, and protects the privacy of all the employees.

If you have any questions, or would like to discuss a TSCM inspection of your location, please feel free to contact me directly.

###

Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant and TSCM specialist with over four decades of experience.

Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.

Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.